Healthcare Security: What is Ransomware and How Do I Prevent an Attack?
Last month, Allscripts, an EHR provider for hospital and health systems – including post-acute care facilities – suffered a ransomware attack that brought business to a standstill for roughly 1,500 clients who couldn’t access critical information and services, including patient records and e-prescribing. Allscripts is just one of many healthcare organizations hit by ransomware over the last year—and this trend shows no sign of abating. In fact, according to one report, ransomware aimed at healthcare organizations increased 89% from 2016 to 2017.
Ransomware is a serious and growing threat that has raised the alarm for many of our customers in the post-acute care industry.
What can you do to protect yourself?
1. Understand what ransomware is
2. Understand why you’re vulnerable
3. Learn steps you can take to prevent an attack
What is ransomware?
Ransomware is a form of cyber extortion where cybercriminals use malware (malicious software) to take control of a computer system and encrypt important files, applications or services. Victims are not able to get their data back until they pay a ransom, usually in the form of Bitcoin, a cryptocurrency.
Ransomware is especially insidious because it is most often sent through emails that appear to be legitimate, such as an email to your HR department about job applicants or an email to a specific executive about a business opportunity, referencing internal names or other details. It’s designed to trick people into clicking on malicious links or attachments. These types of social engineering techniques are easy to fall victim to and make every person in your organization susceptible.
The impact of an attack is significant, including the potential loss of data and revenue, damage to your business reputation and the disruption of vital patient care and services. Some healthcare organizations have paid tens of thousands of dollars to get their data back, and that doesn’t include other costs, such as downtime of systems or other financial repercussions.
The healthcare sector is a particularly attractive target for cybercriminals. Health data contains a wealth of personal information—credit card numbers, social security numbers, insurance information, medical records, etc.—that is highly valuable and can fetch a good price on the Dark Web, the underground part of the internet where products and services are bought and sold illegally.
It’s also fair to say that while the healthcare industry as a whole has been strong in enforcing compliance and privacy laws, healthcare cybersecurity has lagged behind other industries. Cybercriminals have taken advantage of these IT security gaps to infiltrate healthcare systems and steal data.
The last few years have changed that, however, and the good news is that data security has become a priority for healthcare executives. According to a report from Cybersecurity Ventures, global healthcare cybersecurity spending will exceed $65 billion cumulatively from 2017 to 2021, commensurate with other industries.
Preventing an attack
Protecting the privacy and security of our employees and customers is absolutely a top priority at Optima—and we take steps every day with our technology to ensure our systems, data and communications are protected. But dealing with cyber threats is not just about implementing great technology; it is about people, and about making them aware of the risks and teaching them how to avoid those risks. Ransomware is able to circumvent the best security controls because it takes advantage of the human element—it appeals to our curiosity, sense of urgency or fears to follow through on the “click” without checking the source.
We take the people part of security seriously, which is why we work closely with our partner KnowBe4, a leader in security awareness training, to educate our own employees on the latest tactics cybercriminals are using.
The following includes a few tips KnowBe4 has allowed us to share to help you prevent a ransomware attack at your organization:
- Be suspicious – If you receive an email that sounds too good to be true, seems urgent or makes you feel anxious, then listen to those feelings and be careful when clicking on a link or opening a file in an email—it could be ransomware. Sometimes these emails are legitimate; however, attackers use emotional responses to get people to click on links or open infected documents, and they are very good at it. Here is a great example of a phishing attempt that scares you into thinking your Apple account is going to be suspended unless you provide your private credentials on a website spoofed to look like Apple’s website.
- Train your employees – Most ransomware is spread through phishing emails. While these fraudulent emails can be very convincing, there is almost always a way to spot them if you know what to look for. For example, a legitimate company would never ask you to click on a link in an email to confirm your account. Rather, they would direct you to go to their company website and log into your account from there. Keeping your employees informed on these tactics and scams is your first line of defense.
- Back up your data – Backing up your data is important, but backups will do no good if they are encrypted by the ransomware. Backups need to be separated from the rest of the network. Attackers know that if you have good backups, you are less likely to pay the ransom, so many types of ransomware specifically target them. Also, test your backups regularly to ensure you can get data back whenever you need it. As a general rule, be sure to have at least three copies of your data on two different types of media (e.g., one on an external hard drive, one on tape) and one of the backups offsite.
- Fortify your network – Make sure you limit which computers can communicate. Rarely does a receptionist’s computer need to connect to a login screen on a database server, so limit that. This will limit how much damage can be done in the event of a ransomware infection or a hacker getting into your network. Also, be sure your routers, firewalls, switches and other network devices are running the latest software and firmware updates.
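The “Back up your data” tip above comes down to two checks you can automate: does a restored copy actually match what was backed up, and does your set of copies satisfy the 3-2-1 rule with at least one copy the ransomware cannot reach over the network? The script below is an added illustration written for this post, not Optima’s or KnowBe4’s code; it assumes a backup is a directory tree plus a manifest of SHA-256 hashes, and the inventory and sample files it uses are constructed for the example.

```python
"""Backup verification helper (added example, not Optima's or KnowBe4's code).
Assumes a backup is a directory tree plus a SHA-256 manifest; all sample data is constructed."""
import hashlib
import tempfile
from pathlib import Path

def build_manifest(root: Path) -> dict:
    """Map each file's relative path to its SHA-256 so a restore can be checked bit-for-bit."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(restored: Path, manifest: dict) -> list:
    """Compare a restored copy to the manifest; an empty list means every file came back intact.
    Missing or altered files (e.g. ones encrypted before the backup ran) are reported by name."""
    problems = []
    actual = build_manifest(restored)
    for rel, digest in manifest.items():
        if rel not in actual:
            problems.append(f"missing: {rel}")
        elif actual[rel] != digest:
            problems.append(f"altered: {rel}")
    problems.extend(f"unexpected: {rel}" for rel in actual if rel not in manifest)
    return problems

def check_3_2_1(copies: list) -> list:
    """Check a backup inventory against the 3-2-1 rule: three copies, two media types, one offsite.
    Also flag the case where every copy is reachable from the production network, since
    ransomware that spreads over the network can encrypt those copies too."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies (need 3)")
    if len({c["media"] for c in copies}) < 2:
        findings.append("all copies on one media type (need 2)")
    if not any(c["offsite"] for c in copies):
        findings.append("no offsite copy")
    if all(c["online"] for c in copies):
        findings.append("every copy is reachable from the network")
    return findings

def demo() -> tuple:
    """Constructed scenario: back up two files, restore them intact, then simulate a restore
    where one file was overwritten with ciphertext-like garbage and see the check catch it."""
    with tempfile.TemporaryDirectory() as tmp:
        src, good, bad = (Path(tmp, name) for name in ("src", "good", "bad"))
        for root in (src, good, bad):
            (root / "records").mkdir(parents=True)
            (root / "records" / "patient.txt").write_text("chart data")
            (root / "schedule.csv").write_text("mon,tue")
        manifest = build_manifest(src)
        (bad / "records" / "patient.txt").write_bytes(b"\x00encrypted\x00")
        return verify_restore(good, manifest), verify_restore(bad, manifest)
```

Run `check_3_2_1` against your own inventory (media type, offsite flag, and whether the copy is mounted on or reachable from the production network) and schedule `verify_restore` against a real restore, not just the backup job’s success status.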
For more information on how Optima incorporates data security best practices into its solutions, please contact us.